Andrew Haley wrote:
https://bugs.openjdk.java.net/show_bug.cgi?id=100057
GetJavaProperties has a stack-allocated fixed-size buffer for holding a copy of
a string returned by setlocale(3). However, there is no guarantee that the
string will fit into this buffer.
This one is probably due to Solaris code being reused for Linux. The
patch has been in IcedTea for a long while.
OK to push, OpenJDK 7 and 6?
Andrew
I can't say I know this code very well but I see that the full-locale
name can also be copied into temp when the locale is an alias. This
makes me wonder if temp might need to be realloc'ed there? Also, I
wonder if the return from malloc should be checked.
I've created a corresponding sunbug for this:
6844255: Potential stack corruption in GetJavaProperties
-Alan
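
An added example, not part of the thread and not the IcedTea or OpenJDK patch: one way to copy a setlocale(3) result into a heap buffer sized to the string, check the allocation, and resize before an alias is expanded into the same buffer. The helper name `copy_locale_name` and the alias table are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed alias table for this example (not the JDK's own table). */
struct alias { const char *name; const char *full; };
static const struct alias aliases[] = {
    { "german", "de_DE.ISO8859-1" },
    { "longalias", "xx_YY.constructed-long-codeset-name@constructed-long-modifier" },
};

/* Hypothetical helper: return a heap copy of the locale string with any
 * alias expanded, or NULL on allocation failure; the caller frees it. */
char *copy_locale_name(const char *lc)
{
    char *temp;
    size_t i;
    if (lc == NULL)
        lc = "C";                         /* setlocale() can return NULL */
    temp = malloc(strlen(lc) + 1);        /* sized to the input, not a fixed guess */
    if (temp == NULL)
        return NULL;                      /* malloc's return value is checked */
    strcpy(temp, lc);
    for (i = 0; i < sizeof aliases / sizeof aliases[0]; i++) {
        if (strcmp(temp, aliases[i].name) == 0) {
            /* The full name can be longer than the alias: resize first. */
            size_t need = strlen(aliases[i].full) + 1;
            char *grown = realloc(temp, need);
            if (grown == NULL) {
                free(temp);               /* on failure realloc leaves temp allocated */
                return NULL;
            }
            temp = grown;
            memcpy(temp, aliases[i].full, need);
            break;
        }
    }
    return temp;
}

int main(void)
{
    char *name = copy_locale_name("german");
    if (name != NULL) puts(name);
    free(name);
    return 0;
}
```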